raccoon | 8872483a8453fe1604195632ef8c532dc51a14b01dc10840baa5d565623cd24f | Triage

Submit
Reports

Overview

overview

Static

static

3

Setup.exe

windows10-2004-x64

Sharing

General

Target

Latest_Setup_Use__PassWord__224466.rar
Size

19.2MB
Sample

230808-ppqcdaeb2t
MD5

1390e6bafde6cb955bcdf2a22267eed5
SHA1

7d39ae647b37b509bf23391f000f821b409dd41d
SHA256

8872483a8453fe1604195632ef8c532dc51a14b01dc10840baa5d565623cd24f
SHA512

6f37fec97d98df4f3ae58b514ce413e5a7d98e88eb8dbb7d5498b0e576bfdd503c9ead9683352d193d806230bb4ca689e41104b7c5d7eec04c24908a4fa7b5c0
SSDEEP

393216:jTFH5P0OKB97u/cuhoJqwkmE6FrRt2n3iAYe2XmUGvcmah7LyyLEN:jT95PEBpvqbrqrRt2n3ce2XmU+2e1

Score

10^/10

raccoon 540b3ba85d1bbedd96c04ca8134046bc stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Setup.exe

Resource

win10v2004-20230703-en

raccoon 540b3ba85d1bbedd96c04ca8134046bc stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

raccoon

Botnet

540b3ba85d1bbedd96c04ca8134046bc

C2

http://91.103.252.31:80/

xor.plain

Targets

- Target
  
  Setup.exe
- Size
  
  3.4MB
- MD5
  
  36c95cd438e93d1524c8f5760131dd78
- SHA1
  
  7b60b22ab77de4763de9d9116549e7c343428467
- SHA256
  
  b16737cd06d3b2bd6058d73b83dc3b966bf03b1a0832aac2f11525a15b1b35ca
- SHA512
  
  489a75bd5c10dc3a5fdd3a255528866bdefa3dd9a1144acb4de43ac25b87b880954944c80167171ce4a4ef1d770bcb46f74e71b162721fc87359ff34e532dbf0
- SSDEEP
  
  49152:0871cpClp+hBSUF2GX1Wjq7fR8gPDWHxHH9Q2BjYIqRGhANEf:0K1cpClbGX1cq7JNPDW82Bj/BANM
Score

10^/10

raccoon 540b3ba85d1bbedd96c04ca8134046bc stealer
- Raccoon
  Raccoon is an infostealer written in C++ and first seen in 2019.
  stealer raccoon
- Raccoon Stealer payload
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

raccoon540b3ba85d1bbedd96c04ca8134046bcstealer

© 2018-2024

Terms | Privacy